Cancer patient sues UCSD Health over 500K-record info breach

A patient in El Cajon, California, sued University of California, San Diego Health this past week over a security breach that potentially exposed the private information of 495,949 patients.  

The plaintiff, Denise Menezes, is raising allegations of negligence, breach of contract, breach of confidence, and the violation of California’s laws about medical privacy and unfair competition.   

She is seeking class-action status.  

“The data breach occurred because UC San Diego Health failed to implement reasonable security procedures and practices, failed to provide its employees with basic cybersecurity training designed to prevent ‘phishing’ attacks, failed to take adequate steps to monitor for and detect unusual activity on its servers, failed to disclose material facts surrounding its deficient data security protocols and failed to timely notify the victims of the data breach,” read the complaint, which was filed in California federal court.

UC San Diego Health representatives said the university cannot comment on pending litigation. 

WHY IT MATTERS  

According to the complaint, Menezes is being treated for breast cancer at UC San Diego Health’s Moores Cancer Center.

In September 2021, she received a notice informing her that she was among the patients whose data – including, in her case, full name, claims information, medical record number and treatment information – had been exposed in a phishing incident

According to UC San Diego Health, the hackers may have had access to private information for months.  

Still, “UC San Diego Health’s letter created more questions than it answered,” according to the complaint.  

Menezes’ attorneys say UC San Diego Health waited months to get in touch with individual patients, despite publishing a general notice about the incident in June.  

“Of course, a website posting did not identify which specific patients were impacted and was inadequate to affirmatively alert individuals impacted by the data breach to take measures to protect themselves,” said the complaint.  

They also say the letter is “downplaying the risk of misuse,” and missing key information about the incident or the hackers’ identities.  

“As a result of the data breach, Ms. Menezes has spent time and effort researching the breach and reviewing her financial and medical account statements for evidence of unauthorized activity, which she will continue to do for years into the future,” said the complaint.  

The complaint says that UC San Diego failed to comply with basic recommendations and guidelines that would have prevented the breach from occurring, stressing the negative consequences of medical identity theft.  

“Each data breach increases the likelihood that a victim’s personal information will be exposed to more individuals who are seeking to misuse it at the victim’s expense,” said the complaint.  

“Now that the investigation is complete, notifications to individuals whose data was impacted were sent beginning September 7, 2021, on a rolling basis where contact information was available,” said UC San Diego Health representatives in response to a request for comment.

“UC San Diego Health worked deliberately, while taking care to provide accurate information, as quickly as it could,” they added, noting that the university arranged for individuals whose data was impacted to receive one year of free credit monitoring and identity theft protection services through IDX.

“In addition to these actions, UC San Diego Health began taking remediation measures to enhance their security controls which have included, among other steps, changing employee credentials, disabling access points, and enhancing security processes and procedures,” said the representatives. “While there are a number of safeguards in place to protect information from unauthorized access, UC San Diego Health is also always working to strengthen them so we can further minimize the risk of this type of threat activity.”

THE LARGER TREND  

The lawsuit is proof that for health systems who are victimized by cyberattacks, the financial fallout can go beyond paying a ransom (something the feds still advise against) or having to halt procedures.  

And UC San Diego Health isn’t alone. Earlier this year, Scripps Health, also in San Diego, faced a handful of suits after a ransomware incident led to a weeks-long network shutdown.  

ON THE RECORD  

Menezes “suffered emotional distress knowing that her highly personal medical and treatment information is now available to criminals to commit blackmail, extortion, medical-related identity theft or fraud, and any number of additional harms against her for the rest of her life,” according to the complaint.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Note: This article have been indexed to our site. We do not claim ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
Looking Back, Moving Forward thumbnail

Looking Back, Moving Forward

“When we engage in nostalgia, we are not moving toward the past. We are bringing the past to the present to help us plan for the future. Nostalgia pushes us forward, not back,” writes nostalgia researcher and psychologist Clay Routledge in his book Past Forward: How Nostalgia Can Help You Live a More Meaningful Life.
Read More
Como prevenir afogamento de crianças? thumbnail

Como prevenir afogamento de crianças?

Avalie o nosso conteúdo: Houve um erro fazendo sua requisição, por favor tente novamente! Obrigado!Sua avaliação é fundamental para que a gente continue melhorando o Portal Pebmed O Portal PEBMED é destinado para médicos e demais profissionais de saúde. Nossos conteúdos informam panoramas recentes da medicina. Caso tenha interesse em divulgar seu currículo na internet,…
Read More
Video: Biliopancreatic diversion with duodenal switch thumbnail

Video: Biliopancreatic diversion with duodenal switch

From Mayo Clinic to your inbox Sign up for free and stay up to date on research advancements, health tips, current health topics, and expertise on managing health. Click here for an email preview. To provide you with the most relevant and helpful information, and understand which information is beneficial, we may combine your email
Read More
Index Of News
Total
0
Share